Electronic health records breach reported

Bon Secours has terminated the employment of two CNAs, certified nursing assistants, for improper use of the health system's electronic medical records at Mary Immaculate Hospital in Newport News, it announced Wednesday.

The security breach, which occurred between April 2012 and April 2013, has potentially compromised the records of 5,000 patients, according to Lynne Zultanky, administrative director, marketing and public relations. "They accessed our electronic records inconsistent with our training, their job functions and our privacy practices," she said. The hospital is in the process of notifying by mail all those who might be affected.

The information accessed included "one or more of the following: patient name; dates and times of service, provider and facility names; internal hospital medical record and account numbers, which may have included social security number; date of birth; and treatment information, such as diagnosis, medications and vital signs," according to a Bon Secours press release.

Mary Immaculate Hospital has been using electronic medical records since April 2012, and this was the first instance of any reportable security issues, according to Zultanky. Law enforcement has been notified and local, state and federal authorities are conducting an investigation to determine if any patient information may have been used illegally.

The health system has contracted with Kroll Advisory Solutions to provide affected patients with free services regarding identity theft safeguards. It is directing all patient inquiries to Kroll at 1-866-599-7347; available between 9 a.m. and 6 p.m. EST Monday through Friday. Patients will need a membership number provided in the hospital's letter in order to use the service.